
malice-plugins / yara

Licence: other
Malice Yara Plugin

Programming Languages

YARA
70 projects

Projects that are alternatives of or similar to yara

malware-writeups
Personal research and publication on malware families
Stars: ✭ 104 (+285.19%)
Mutual labels:  malware, malware-analyzer, malware-analysis, malware-research, malware-detection
freki
🐺 Malware analysis platform
Stars: ✭ 327 (+1111.11%)
Mutual labels:  malware, malware-analysis, malware-research, yara
Awesome Yara
A curated list of awesome YARA rules, tools, and people.
Stars: ✭ 1,394 (+5062.96%)
Mutual labels:  malware-analysis, malware-research, yara, malware-detection
binlex
A Binary Genetic Traits Lexer Framework
Stars: ✭ 303 (+1022.22%)
Mutual labels:  malware, malware-analysis, malware-research, yara
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (+155.56%)
Mutual labels:  malware, malware-analysis, malware-research, malware-detection
Apkid
Android Application Identifier for Packers, Protectors, Obfuscators and Oddities - PEiD for Android
Stars: ✭ 999 (+3600%)
Mutual labels:  malware-analysis, malware-research, yara, malware-detection
Stoq
An open source framework for enterprise level automated analysis.
Stars: ✭ 352 (+1203.7%)
Mutual labels:  malware-analysis, malware-research, yara, malware-detection
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (+692.59%)
Mutual labels:  malware, malware-analysis, malware-research, malware-detection
Multiscanner
Modular file scanning/analysis framework
Stars: ✭ 494 (+1729.63%)
Mutual labels:  malware, malware-analysis, malware-research, yara
Simplify
Android virtual machine and deobfuscator
Stars: ✭ 3,865 (+14214.81%)
Mutual labels:  malware, malware-analyzer, malware-analysis, malware-research
decrypticon
Java-layer Android Malware Simplifier
Stars: ✭ 17 (-37.04%)
Mutual labels:  malware, malware-analyzer, malware-analysis, malware-research
assemblyline
AssemblyLine 4 - File triage and malware analysis
Stars: ✭ 69 (+155.56%)
Mutual labels:  malware-analyzer, malware-analysis, malware-research, malware-detection
Freki
🐺 Malware analysis platform
Stars: ✭ 285 (+955.56%)
Mutual labels:  malware, malware-analysis, malware-research, yara
Yargen
yarGen is a generator for YARA rules
Stars: ✭ 795 (+2844.44%)
Mutual labels:  malware, malware-analysis, malware-research, yara
Threat Hunting
Personal compilation of APT malware from whitepaper releases, documents and own research
Stars: ✭ 219 (+711.11%)
Mutual labels:  malware, malware-analysis, malware-research, malware-detection
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+940.74%)
Mutual labels:  malware, malware-analysis, malware-research
Malice
VirusTotal Wanna Be - Now with 100% more Hipster
Stars: ✭ 1,253 (+4540.74%)
Mutual labels:  malware, malware-analysis, malware-research
Malware-Zoo
Hashes of infamous malware
Stars: ✭ 18 (-33.33%)
Mutual labels:  malware, malware-analysis, malware-research
Malware Analysis Scripts
Collection of scripts for different malware analysis tasks
Stars: ✭ 61 (+125.93%)
Mutual labels:  malware, malware-analysis, malware-research
Kernel-dll-injector
Kernel-Mode Driver that loads a dll into every new created process that loads kernel32.dll module
Stars: ✭ 256 (+848.15%)
Mutual labels:  malware, malware-analyzer, malware-analysis


malice-yara


Malice Yara Plugin

This repository contains a Dockerfile of the Yara malice plugin malice/yara.

Dependencies

Image Tags

REPOSITORY          TAG                 SIZE
malice/yara         latest              51.9MB
malice/yara         0.1.0               51.9MB
malice/yara         neo23x0             51.3MB

NOTE: tag neo23x0 contains all of the signature-base rules

Installation

  1. Install Docker.
  2. Download trusted build from public DockerHub: docker pull malice/yara

Usage

docker run --rm -v /path/to/rules:/rules:ro malice/yara:neo23x0 FILE

Or link your own malware folder

$ docker run -v /path/to/malware:/malware:ro -v /path/to/rules:/rules:ro malice/yara:neo23x0 FILE

Usage: yara [OPTIONS] COMMAND [arg...]

Malice YARA Plugin

Version: v0.1.0, BuildTime: 20180902

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
  --callback, -c         POST results to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --table, -t            output as Markdown table
  --timeout value        malice plugin timeout (in seconds) (default: 60) [$MALICE_TIMEOUT]
  --rules value          YARA rules directory (default: "/rules")
  --help, -h             show help
  --version, -v          print the version

Commands:
  web   Create a Yara web service
  help  Shows a list of commands or help for one command

Run 'yara COMMAND --help' for more information on a command.

This writes the results to stdout and, when --callback is set, POSTs them to the Malice results API webhook endpoint.

Sample Output

JSON

{
  "yara": {
    "matches": [
      {
        "Rule": "APT30_Generic_7",
        "Namespace": "malice",
        "Tags": null,
        "Meta": {
          "author": "Florian Roth",
          "date": "2015/04/13",
          "description": "FireEye APT30 Report Sample",
          "hash0": "2415f661046fdbe3eea8cd276b6f13354019b1a6",
          "hash1": "e814914079af78d9f1b71000fee3c29d31d9b586",
          "hash2": "0263de239ccef669c47399856d481e3361408e90",
          "license": "https://creativecommons.org/licenses/by-nc/4.0/",
          "reference": "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf",
          "super_rule": 1
        },
        "Strings": [
          {
            "Name": "$s1",
            "Offset": 29824,
            "Data": "WGphcG9yXyphdGE="
          },
          {
            "Name": "$s2",
            "Offset": 29848,
            "Data": "WGphcG9yX28qYXRh"
          },
          {
            "Name": "$s4",
            "Offset": 29864,
            "Data": "T3VvcGFp"
          }
        ]
      }
    ]
  }
}

FILTERED Output JSON:

$ cat JSON_OUTPUT | jq '.[][][] .Rule'

"_Microsoft_Visual_Cpp_v50v60_MFC_"
"_Borland_Delphi_v60__v70_"
"_dUP_v2x_Patcher__wwwdiablo2oo2cjbnet_"
"_Free_Pascal_v106_"
"_Armadillo_v171_"

Markdown


Yara

Rule             Description                  Offset  Data           Tags
APT30_Generic_7  FireEye APT30 Report Sample  0x7480  "Xjapor_*ata"  []

NOTE: Data truncated to 25 characters
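The JSON above is what a downstream consumer (a SIEM parser, a Malice webhook receiver) actually has to handle: the "Data" field is base64-encoded matched bytes, "Offset" is decimal, and "Tags" is null when the rule has none, while the Markdown view shows the offset in hex and the decoded string truncated to 25 characters. The following is an added example, not code from the malice/yara project, that parses the sample report, reproduces the `jq '.[][][] .Rule'` filter, decodes the matched strings, and renders the table row the same way the --table output does. The sample JSON is a trimmed copy of the README's output; the function names and the one-row-per-rule, first-string rendering are assumptions about the plugin's table format.

```python
"""Parse Malice YARA plugin JSON output and render it like the --table view.

Added example; not code from malice/yara. Helper names and the
one-row-per-rule / first-string table layout are assumptions.
"""
import base64
import json

# Constructed sample: the README's report trimmed to the fields used here.
SAMPLE_JSON = r'''{
  "yara": {
    "matches": [
      {
        "Rule": "APT30_Generic_7",
        "Namespace": "malice",
        "Tags": null,
        "Meta": {
          "author": "Florian Roth",
          "description": "FireEye APT30 Report Sample",
          "super_rule": 1
        },
        "Strings": [
          {"Name": "$s1", "Offset": 29824, "Data": "WGphcG9yXyphdGE="},
          {"Name": "$s2", "Offset": 29848, "Data": "WGphcG9yX28qYXRh"},
          {"Name": "$s4", "Offset": 29864, "Data": "T3VvcGFp"}
        ]
      }
    ]
  }
}'''

DATA_MAX = 25  # README: "Data truncated to 25 characters"


def load_report(text):
    """Parse the plugin's JSON document into a dict."""
    return json.loads(text)


def rule_names(report):
    """Equivalent of the README's `jq '.[][][] .Rule'` filter."""
    return [m["Rule"] for m in report["yara"]["matches"]]


def decode_data(b64):
    """Matched bytes are base64-encoded; decode them, keeping any
    non-UTF-8 bytes visible as \\xNN escapes instead of raising."""
    return base64.b64decode(b64).decode("utf-8", errors="backslashreplace")


def decoded_strings(report):
    """Every matched string as (rule, name, offset, text) for log/alert use."""
    out = []
    for m in report["yara"]["matches"]:
        for s in m.get("Strings") or []:
            out.append((m["Rule"], s["Name"], s["Offset"], decode_data(s["Data"])))
    return out


def match_rows(report):
    """One table row per rule (assumption: built from the first string match).
    Offset is rendered in hex, Data decoded and truncated, null Tags -> []."""
    rows = []
    for m in report["yara"]["matches"]:
        strings = m.get("Strings") or []
        first = strings[0] if strings else {"Offset": 0, "Data": ""}
        text = decode_data(first["Data"])
        rows.append({
            "rule": m["Rule"],
            "description": (m.get("Meta") or {}).get("description", ""),
            "offset": "0x%x" % first["Offset"],
            "data": '"%s"' % text[:DATA_MAX],
            "tags": m.get("Tags") or [],
        })
    return rows


def render_markdown(rows):
    """Render rows as the Markdown table the --table flag emits."""
    lines = ["| Rule | Description | Offset | Data | Tags |",
             "| --- | --- | --- | --- | --- |"]
    for r in rows:
        lines.append("| %s | %s | %s | %s | %s |" % (
            r["rule"], r["description"], r["offset"], r["data"], r["tags"]))
    return "\n".join(lines)


if __name__ == "__main__":
    rep = load_report(SAMPLE_JSON)
    print(rule_names(rep))
    print(render_markdown(match_rows(rep)))
```

Feeding the real plugin output works the same way: `docker run ... malice/yara:neo23x0 FILE > out.json` and then `load_report(open("out.json").read())`. Decoding "Data" before indexing it is the practical point; the base64 form defeats naive keyword searches over stored results.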


Documentation

TODO

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2016 blacktop
